81 matches found
PT-2025-46821
Name of the Vulnerable Software and Affected Versions pgAdmin versions prior to 9.9 Description The software is susceptible to an LDAP injection issue within the LDAP authentication process. An attacker can inject specific LDAP characters into the username field. This manipulation forces the...
PT-2025-44508
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1 Description The software contains a stored cross-site scripting XSS issue. An attacker can inject JavaScript code through a manipulated username that is stored and then displayed on admin or user-faci...
CVE-2025-12208 SourceCodester Best House Rental Management System admin_class.php login2 sql injection
A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /adminclass.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been mad...
EUVD-2007-3801
Malware in sbrugna...
EUVD-2010-2243
Malware in sbrugna...
EUVD-2014-1059
Malware in sbrugna...
EUVD-2015-7628
Malware in sbrugna...
CVE-2025-10967
A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public a...
CVE-2025-59424 LinkAce Vulnerable to Stored XSS on the Audit Page
LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting XSS vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...
CVE-2025-9739
A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
PT-2025-35431
Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0 Description: A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code within the /admin/login.php file. Manipulatio...
Exploit for CVE-2007-2447
CVE-2007-2447 Samba Exploit A Rust implementation of the CVE-...
CVE-2025-7950
A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been...
GHSA-PHHR-52QP-3MJ4 Transformers's Improper Input Validation vulnerability can be exploited through username injection
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
Transformers's Improper Input Validation vulnerability can be exploited through username injection
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
URL Parsing Issue
Repository: Hugging Face Transformers File: imageutils.py Line: 834 Code Snippet: if video.startswith"https://www.youtube.com" or video.startswith"http://www.youtube.com": Vulnerability Description: The current implementation checks if a video URL starts with "https://www.youtube.com" or...
PT-2024-16473 · Unknown · Code-Projects Wazifa System
Name of the Vulnerable Software and Affected Versions: code-projects Wazifa System version 1.0 Description: A critical issue was found in the code-projects Wazifa System, affecting an unknown part of the file /controllers/logincontrol.php. The manipulation of the username argument leads to SQL...
CVE-2024-9460
A vulnerability was found in Codezips Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...
Loan Management System SQL Injection Vulnerability
Loan Management System is a loan management system by razormist Personal Developer. A SQL injection vulnerability exists in itsourcecode Loan Management System version 1.0, which is caused by an unknown function in login.php in the component Login, which leads to SQL injection via the parameter...
PT-2023-25741 · Sourcecodester · Sourcecodester Insurance Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Life Insurance Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Life Insurance Management System. This issue affects the file login.php and is caused by the manipulation of the...